[Hack]in(sight) Vol.2 No.8

When people talk about hacking and social networks, they're not referring to the common definition of hacking, which is using malicious code or backdoors in computer networks to damage systems or steal proprietary information. Hacking into social networks requires very little technical skill. It's much more of a psychological game -- using information on personal profiles to win a complete stranger's trust.

However, 'Social' is a release that describes more sophisticated kinds of attacks. Let's have a look at the contents:

Page 5: Geolocation & Phishing: You can run, but you can never hide!

Intro: Firstly, we knew one person who was arranging the training, and that she was a part of a group who were at the location to ensure the facilities were suitable. Based on this, a very simple email was sent: "Hi, how are you? Thought you might want to check out the weather where you are, it's raining and cold here.. Cheers, J".

First, I tried to lure them with the most basic of phishing attempts. The idea was that if the link was clicked they would connect to a site which would record the IP address they were connecting from, so it would work if they were on a cellphone using a mobile browser, or a laptop using the hotel Wi-Fi. Unfortunately, years of saying 'Don't click on links unless you know what it is' works, even if that email comes from a trusted source. So the first attempt failed.

Page 12: External XML Entity Attacks

Intro: 2014 has been a turbulent year regarding breaches and developments within the information security world. Multiple large American organizations had to deal with the loss of sensitive customer information, such as credit card details from customers or payroll information from employees. On top of that, vulnerabilities such as Heartbleed and Shellshock made headlines.

Both Facebook and Google were vulnerable to a so-called External XML Entity Attack (XXE), which made it possible to gain direct access to Facebook's and Google's production servers due to a vulnerability present within the XML parsers they used.

Page 15: XSSYA - The Browser for XSS

Intro: XSS attacks are becoming more and more sophisticated these days and are being used together with spear phishing, social engineering and drive-by attacks. According to the OWASP Top 10:

--> XSS ranks third (A3) in the OWASP Top 10.
--> 80% of all the security incidents in the financial sector have been attributed to cross-site scripting.

Page 29: Tango: Honeypot Intelligence with Splunk

Intro: Tango is a set of scripts and Splunk apps which help organizations and users quickly and easily deploy honeypots and then view the data and analysis of the attacker sessions. Two scripts are provided which facilitate the installation of the honeypots and/or the Splunk Universal Forwarder. One of the scripts, uf_only.sh, installs the Splunk Universal Forwarder along with the necessary input and output configuration files. The other script, sensor.sh, installs the Splunk Universal Forwarder together with the Kippo honeypot required for the Tango Honeypot Intelligence app to work.

Page 46: Understanding Blind SQL Injection

Intro: If you're familiar with both the manual and automated SQL Injection techniques described in the previous releases of Hack Insight Magazine, you know the basic theory of what SQL Injection is, you know how to carry it out using your web browser on a vulnerable website, and you know how to use SQLMap to automate some of the process.

We now have to find a website which is vulnerable to SQL Injection but does not show error messages. Basically, a site which can be hacked into, but not using the classical attacks. The site will not give any obvious responses to our attacks; this is why it is called a blind SQL Injection. It is hard to know whether we're doing it right or not.

Page 61: How "../sms" could bypass 2 Factor Authentication

Part I - Format Injection: Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn’t create a logo!) but calling it an “injection” is too general.

Part II - Bypass Authy 2 factor authentication: Meanwhile we audited another popular 2FA provider and found a high-severity format injection in the Authy API. In fact, the root of the problem was the default Sinatra dependency "rack-protection"!

For more ethical hacking publications, subscribe to Hack Insight on our website and receive:

--> 24 unique magazine editions per year.
--> Access to all the previous releases from the archives.
--> Access to special publications, workshops and video tutorials.